Routers Branded 'Achilles Heel' of Home and Small Biz Security

A worrying 15% of home routers are wide open to hackers through the use of default or easy-to-guess passwords, according to new research from Eset.

The firm tested over 12,000 devices via its Home Network Protection feature and found them to be a gateway for malicious threats into the home and small business.

Aside from the 15% with weak and default credentials, around 7% of the testing sample contained high or medium severity bugs, security evangelist Peter Stancik explained in a blog post.

Over half were bad access rights vulnerabilities, 40% were command injection flaws and almost 10% were cross-site scripting bugs.

“Furthermore, port scanning revealed that in many cases network services were accessible from internal as well as from external networks,” Stancik continued.

“In particular, unsecured services such as Telnet shouldn’t be left open, not even to local network, which was – unfortunately – the case on more than 20% of the tested routers.”

The findings echo a global study by the non-profit prpl Foundation recently which found that only a third of users (37%) changed the default password on their home router, while 20% claimed never to have updated the firmware.

What’s more, 70% of UK users claimed to have taken no action at all to secure their router.

However, that report also revealed that consumers are prepared to take on more responsibility when it comes to security – at odds with current vendor thinking that they’re only interested in price and usability.

Some 60% said they thought the home user should take ownership of securing their connected devices, versus the manufacturer (20%) and service provider (20%). A further 42% said they’d prefer to pay more for more secure devices, while a third (32%) said security concerns are preventing them from buying more.

Eset recommended users change default router passwords to strong credentials and always update to the latest firmware.

What’s Hot on Infosecurity Magazine?